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It herewith submits to the United States Designated/Elected Office (DO/EOAJS) the following items and other information: 
3 This is a FIRST submission of items concerning a filing under 35 U.S.C. 371. 
] This is a SECOND or SUBSEQUENT submission of items concerning a filing under 35 U.S.C. 371 . 
3 This is an express request to begin national examination procedures (35 U.S.C. 371(f)) at any time rather than delay 
examination until the expiration of the applicable time limit set in 35 U.S.C. 371(b) and PCT Articles 22 and 39(1). 
3 A proper Demand for International Preliminary Examination was made by the 19th month fl-om the earliest claimed priority date. 
3 A copy of the International Application as filed (35 U.S.C. 371 (c) (2)) 

a. □ is transmitted herewith (required only if not transmitted by the International Bureau). 

b. S has been transmitted by the International Bureau. 

c. □ is not required, as the application was filed in the United States Receiving Office (RO/US). 
] A translation of the International Application into English (35 U.S.C. 371 (c)(2)). 

a A copy of the International Search Report (PCT/IS A/2 1 0). 

3 Amendments to the claims of the Intemational Application under PCT Article 1 9 (35 U.S.C. 37 1 (c)(3)) 

a. □ are transmitted herewith (required only if not transmitted by the Intemational Bureau). 

b. □ have been transmitted by the Intemational Bureau. 
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A translation of the amendments to the claims under PCT Article 19 (35 U.S.C. 371(c)(3)). 
An oath or declaration of the inventor(s) (35 U.S.C. 371 (c)(4)). 
A copy of the Intemational Preliminary Examination Report (PCT/IPEA/409). 

A translation of the annexes to the Intemational Preliminary Examination Report under PCT Article 36 
(35 U.S.C. 371 (c)(5)). 
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An Information Disclosure Statement under 37 CFR 1.97 and 1.98. 
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IN THE UNITED STATRS PATENT & TRADEMARK OFFTrF. 
IN RE APPLICATION OF: : 

MARTIN HAMMARSTROM ET AL : ATTN: APPLICATION DIVISION 

SERIAL NO: NEW U.S. PCT APPLICATION: 
(Based on PCT/SE99/01561) 

FILED: HEREWITH : EXAMINER: 

FOR: IMPROVEMENTS IN, OR : 
RELATING TO, TRANSMISSION 
SYSTEMS 

PRELIMINARY AMENDMENT 

ASSISTANT COMMISSIONER FOR PATENTS 
WASHINGTON, D.C. 20231 

SIR: 

Prior to a first examination on the merits, please amend the above-identified 
application as follows: 

THE TITLE 

Please amend the title to read: 
-lAmANSMISSIOT^^ 

_ FIREWALL PROTECTED NETWORK-. 



INTHECT.ATMS 
Please amend the claims as follows: 

~3. (Amended) A transmission system, as claimed in claim 1, characterised in that 
said ilrewall is adapted to be transparent to IP -communication through the firewall from the 
inside to the outside thereof, and, for a limited period of time, open to IP-communication 
through the firewall from the outside to the inside thereof. 

4. (Amended) A transmission system, as claimed in claim 1, characterised in that 
said first IC-breaker (IC-BREAKER 1) is adapted, on receipt of an IP data packet, to store 
said IP data packet and send said stored IP data packet through the open firewall to the second 
IC-breaker (IC-BREAKER 2), when the firewall has been the opened. 

5. (Amended) A fransmission system, as claimed in claim 1, characterised in that 
said second IC-breaker (IC-BREAKER 2) is adapted to identify the size of a Ping IP-packet 
received from a sender in the form of a IC-breaker said size being indicative of the type of 
packet, which has been received and the port via which it was received. 

6. (Amended) A transmission system, as claimed in claim 1, characterised in that 
said protected network is a Local Area Network (LAN). 

7. (Amended) A transmission system, as claimed in claim 1, characterised in that 
said system is an Asynchronous Transfer Mode (ATM) fransmission system, adapted for the 
transmission of IP data packets, using ATM as a carrier network. 

1 1 . (Amended) A method, as claimed in claim 8, characterised in that said protected 
network is a Local Area Network (LAN). 

12. (Amended) A method, as claimed in claun 8, characterised in that said system is 
an Asynchronous Transfer Mode (ATM) transmission system, adapted for the fransmission of 
IP data packets, using ATM as a carrier network. 
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15. (Amended) Apparatus, as claimed in claim 13, characterised in that the IC- 
breaker (IC-BREAKER 2), located on the protected network side of the firewall is adapted to: 
identify the size of a Ping IP-packet, received from a sender in the form of a IC- 
breaker, located outside the firewall, said size being indicative of the type of packet 
which has been received and the port via which it was received; 
return the Ping IP-packet to the sender, which opens the firewall for a limited period 
of time; 

await receipt, from the sender, of said IP data packet for the protected network during 
said limited period of time said firewall is open; and 
send the received IP data packets to the protected network. 

17. (Amended) An IC-breaker adapted for use with apparatus as claimed in claim 13, 
characterised in that said IC-breaker includes means for transmitting PING packets to an IC- 
breaker, located behind a firewall, means for storing a received IP packets, means for 
detecting receipt of said IP packets from within said furewall, and means, operative in 
response to receipt of IP packets to transmit stored IP packets. 

18. (Amended) An IC-breaker adapted for use with apparatus as claimed in claim 13, 
characterised in that said IC-breaker includes means for identifying a received PING packet 
and determining an associated IP packet type therefrom, means for transmitting an IP packets 
of said associated IP packet type through the firewall, means for receiving an IP packet 
transmitted through said firewall, and means for distributing said IP packet to a predetermined 
address. 

19. (Amended) A transmission system, adapted for the transmission of IP data 
packets, said system including an IP-network (LAN) protected by a firewall, characterised in 
that said system includes an apparatus as claimed in claim 13. 



20. (Amended) A communications system including a transmission system as 
claimed in claim 1 .-- 



REMARKS 

Favorable consideration of this application, as presently amended, is respectfully 
requested. 

The present preliminary amendment is submitted to place the above-identified 
application in more proper format under United States practice. By the present preliminary 
amendment the title has been amended to be consistent with that in the PCX publication 
sheet. The claims have also been amended to no longer recite any improper multiple 
dependencies. 



The present application is believed to be in condition for a full and thorough 



examination on the merits. An early and favorable consideration of the present application 
hereby respectfully requested. 

Respectfully submitted, 

OBLON, SPIVAK, McCLELLAND, 
MAIER & NEUSTADT, P.C. 

Gregory J. Maier 
Attorney of Record 
Registration No. 25,599 
Surinder Sachar 
Registration No. 34,423 
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~3. (Amended) A transmission system, as claimed in claim 1 [or claim 2], 
characterised in that said firewall is adapted to be transparent to IP-communication through 
the firewall firom the inside to the outside thereof, and, for a limited period of time, open to 
IP-communication through the firewall firom the outside to the inside thereof. 

4. (Amended) A transmission system, as claimed in [any preceding] claim 1, 
characterised in that said first IC-breaker (IC-BREAKER 1) is adapted, on receipt of an IP 
data packet, to store said IP data packet and send said stored IP data packet through the open 
firewall to the second IC-breaker (IC-BREAKER 2), when the firewall has been the opened. 

5. (Amended) A transmission system, as claimed in [any preceding] claim 1, 
characterised in that said second IC-breaker (IC-BREAKER 2) is adapted to identify the size 
of a Ping IP -packet received from a sender in the form of a IC-breaker said size being 
indicative of the type of packet, which has been received and the port via which it was 
received. 

6. (Amended) A transmission system, as claimed in [any preceding] claim 1, 
characterised in that said protected network is a Local Area Network (LAN). 

7. (Amended) A transmission system, as claimed in [any preceding] claim 1, 
characterised in that said system is an Asynchronous Transfer Mode (ATM) transmission 
system, adapted for the transmission of IP data packets, using ATM as a carrier network. 



11. (Amended) A method, as claimed in [any of claims 8 to 10] claim 8 . 
characterised in that said protected network is a Local Area Network (LAN). 

12. (Amended) A method, as claimed in [any of claims 8 to 11] claim 8 . 
characterised in that said system is an Asynchronous Transfer Mode (ATM) transmission 
system, adapted for the transmission of IP data packets, using ATM as a carrier network. 

15. (Amended) Apparatus, as claimed in [either] claim 13, [or claim 14,] 
characterised in that the IC-breaker (IC-BREAKER 2), located on the protected network side 
of the firewall is adapted to: 

identify the size of a Ping IP -packet, received from a sender in the form of a IC- 
breaker, located outside the firewall, said size being indicative of the type of packet 
which has been received and the port via which it was received; 
return the Ping IP-packet to the sender, which opens the firewall for a limited period 
of time; 

await receipt, from the sender, of said IP data packet for the protected network during 
said limited period of time said firewall is open; and 
send the received IP data packets to the protected network. 

17. (Amended) An IC-breaker adapted for use with apparatus as claimed in [any of 
claims 13 to 16] claim 13 . characterised in that said IC-breaker includes means for 
transmitting PING packets to an IC-breaker, located behind a firewall, means for storing a 
received IP packets, means for detecting receipt of said IP packets from within said firewall, 
and means, operative in response to receipt of IP packets to transmit stored IP packets. 

18. (Amended) An IC-breaker adapted for use with apparatus as claimed in [any of 
claims 13 to 16] claim 13 . characterised in that said IC-breaker includes means for 
identifying a received PING packet and determining an associated IP packet type therefrom, 
means for transmitting an IP packets of said associated IP packet type therefrom, 
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means for transmitting an IP packets of said associated IP packet type through the firewall, 
means for receiving an IP packet transmitted through said firewall, and means for distributing 
said IP packet to a predetermined address. 

19. (Amended) A transmission system, adapted for the transmission of IP data 
packets, said system including an IP -network (LAN) protected by a firewall, characterised in 
that said system includes an apparatus as claimed in [any of claims 13 to 16] claim 13 . 

20. (Amended) A communications system including a transmission system as 
claimed in [any of claims 1 to 7 or claim 19,] claim 1 [or operating in accordance with a 
method as claimed in any of claims 8 to 12].-- 
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TRANSMISSION SYSTEM ADAPTED FOR IP DATA PACKETS 

The invention relates to transmission systems which are adapted for the 
transmission of iP (Internet Protocoi) data packets through a firewall, the system 
including means adapted to temporarily open the firewaii to enable IP data packets 
to be transmitted therethrough, a method for the transmission of IP data packets to 
a system inside a firewall, apparatus for providing access to a firewall protected 
network, and a communications system including the transmission system of the 
present invention, or operating in accordance with the method of the present 
invention. 

It is known to use a firewaii and other equipment to block incoming traffic, 
such as, IP (Internet Protocol) data packets, but the problem with a firewall and other 
equipment designed to block incoming data packets, is that it can be very difficult 
to remotely control systems which are inside the firewaii. 

When an attempt is made by a computer to contact another computer, 
difficulties are sometimes experienced in obtaining a reply from the computer. In 
these circumstances, it is possible to use a Ping service to determine whether, or 
not, the computer is connected to the network. In operation, the Ping service sends 
a message, in the form of a data packet, to the computer, with which contact is 
required, and when the computer receives the data packet it sends it back to the 
sender, if the data packet is not returned, then the sender will be aware that the 
computer is not connected to the network. In Windows, the Ping service can be run 
from DOS. 

It is an object of the present invention to provide a transmission system, 
adapted for the transmission of IP (Internet Protocol) data packets through a firewall, 
the system including means adapted to temporarily open the firewall to enable IP 
data packets to be transmitted therethrough. The firewall opening means are 
provided by two IC-breakers, one of which is located on one side of the firewall and 
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the other one of which is located on the other side of the firewall. An IC-breaker is 
a function that can be either included In an appiication, or be a separate entity. 

It is another object of the present invention to provide a method for the 
transmission of IP data packets to a system inside a firewall. 

It is another object of the present invention to provide apparatus for providing 
access to a firewall protected network and a transmission system including such an 
apparatus. 

It is another object of the present invention to provide IC-breakers adapted 
for use with apparatus of the present invention. 

it is another object of the present invention to provide a communications 
system including the transmission system of the present invention, or operating in 
accordance with the method of the present invention. 

According to a first aspect of the present invention, there is provided, a 
transmission system, adapted for the transmission of IP data packets, said system 
including an iP-network and a network protected by a firewail, said firewall being 
adapted to block incoming traffic to the protected network, characterised in that said 
system further includes means for temporarily opening the firewall to enable IP data 
packets to be transmitted through the firewall to the protected network. 

The firewall may be adapted to be transparent to Ping (iCMP)-packets; IP- 
traffic passing through the firewall from the inside thereof to the outside thereof; and, 
for a limited pehod of time, IP-traffic, similar to that which is sent from the inside of 
the firewall to the outside of the firewall, passing through the firewall from the outside 
thereof to the inside thereof. 

The means for temporarily opening the firewall may include first and second 
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IC-breakers, located on opposite sides of said firewall, and said iC-breakers may 
have a structure and functionality dictated by the manner in which said firewall is 
adapted to operate. 

The first IC-breaker may be adapted, on receipt of an iP data packet, to store 
said IP data packet; send a Ping IP-packet to the second IC-breaker through the 
firewall; await receipt of a returned Ping IP-packet from the second IC-breaker, said 
IP- packet opening the firewall for a short period of time; and send said stored IP 
data packet through the open firewall to the second IC-breaker. 

The second IC-breaker may be adapted to identify the size of a Ping IP- 
packet received from a sender located outside of the firewall, said size being 
indicative of the type of packet which has been received and the port via which it 
was received; return the Ping IP-packet to the sender, which opens the firewall for 
a limited period of time; await receipt, from the sender, of an IP data packet for the 
protected network, during said limited period of time said firewall is open; and send 
the received !P data packet to the protected network. 

The first IC-breaker may be located on the IP-network side of the firewall, in 
which case, said second IC-breaker is located on the protected network side of the 
firewall. The first IC-breaker may be adapted to receive IP data packets from IP- 
network equipments that are destined for the protected network. The iC-breakers 
may be adapted, on receipt, by said first IC-breaker, of a IP data packet for the 
protected network, to communicate with each other, through the firewall, using Ping 
(lCMP)-packets, a Ping-packet returned by said second IC-breaker to said first IC- 
breaker temporarily opening the firewall for this type of traffic, and said first IC- 
breaker may be adapted, on receipt of the returned Ping-packet, to send the IP data 
packet through the opened firewall to the second IC-breaker. The second IC- 
breaker may be adapted, on receipt of said IP data packet, to send the received 
packet to the protected network. 
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According to a second aspect of the present invention, there is provided, a 
transmission system, adapted for the transmission of IP data packets, said system 
including an IP-network and a network protected by a firewall, characterised in that 
said firewall is adapted to allow a particular type IP-packet to pass through tlie 
firewall to the protected network; IP-traffic to pass through the firewall from the 
inside thereof to the outside thereof, said IP-traffic opening the firewall for IP-traffic 
for a limited period of time; and IP-traffic, similar to that which is sent from the inside 
of the firewall to the outside of the firewall, to be transmitted through the firewall to 
the protected network duhng said limited period of time. The particular type of IP- 
packet may be a Ping (ICMP)-packet. 

The protected network may be a Local Area Network (LAN) and the 
transmission system may be an Asynchronous Transfer Mode (ATM) transmission 
system, adapted for the transmission of IP data packets, using ATM as a carrier 
network. 

According to a third aspect of the present invention, there is provided, in a 
transmission system, adapted for the transmission of IP data packets, said system 
including an IP-Network and a network protected by a firewall, a method for the 
transmission of IP data packets to the protected network, charactensed by opening 
said firewall for a limited period of time and by transmitting an IP data packet, 
through the opened firewall, to the protected network. 

The method may be characterised by said firewall allowing a particular type 
of IP-packet to pass through; and IP-traffic to pass through, from the inside thereof 
to the outside thereof, said IP-traffic opening the firewall for said limited period of 
time; and by transmitting said !P data packet to said protected network during said 
limited period of time, said IP data packet being similar to the IP-traffic which opens 
the firewall for said limited period of time. The method may be further characterised 
by said particular type of IP-packet being a Ping (ICMP)-packet. 
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The method may be characterised by said system including first and second 
!C-breakers, located on opposite sides of said firewall, and by said IC-breakers 
having a structure and functionality dictated by the manner in which said firewall 
operates. The method may be further characterised by said first IC-breaker being 
located on the outside of the firewall and said second IC-breaker being located on 
the inside of the firewall, and by said first IC-breaker receiving and storing IP data 
packets for the protected network; on receipt of said IP data packet, sending Ping 
IP-packets to the second IC-breaker through the firewall; awaiting receipt of a return 
Ping IP-packet from the second iC-breaker, said IP-packet opening the firewall for 
a short period of time; and sending said stored IP data packet through the open 
firewall to the second tC-breaker. The method may be further characterised by said 
second IC-breaker identifying the size of a Ping IP-packet received from said first 
IC-breaker, said size being indicative of the type of packet which has been received 
and the port via which it was received; returning the Ping IP-packet to said first IC- 
breaker, thereby opening the firewall for a limited period of time; awaiting receipt, 
from said first IC-breaker, of said IP data packet for the protected network, during 
said limited period of time said firewall is open; and sending the received IP data 
packet to the protected network. 

The method may be characterised by said first iC-breaker being located on 
the IP-network side of the firewall and said second IC-breaker being located on the 
protected network side of the firewall; said first IC-breaker receiving and storing IP 
data packets from IP-network equipments that are destined for the protected 
network; said IC-breakers. on receipt, by said first IC-breaker, of a IP data packet 
for a protected network, communicating with each other, through the firewall, using 
Ping (ICMP)-packets, a Ping-packet returned by said second IC-breakerto said first 
IC-breaker temporarily opening the firewall for this type of traffic; said first IC- 
breaker, on receipt of the returned Ping-packet, sending the IP data packet through 
the opened firewall to the second IC-breaker; and said second IC-breaker, on receipt 
of said IP data packet, sending the received packet to the protected network. 
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The method may be characterised in that said protected network is a Local 
Area Network (LAN). 

The method may be characterised in that said system is an Asynchronous 
Transfer Mode (ATM) transmission system, adapted for the transmission of IP data 
packets, using ATM as a carrier network. 

According to a fourth aspect of the present invention, there is provided, 
apparatus for providing access to a firewall protected network, characterised in that 
said arrangement includes means for temporarily opening the firewall to enable iP 
data packets to be transmitted through the firewall to said protected network. The 
means for temporarily opening the firewall may include two IC-breakers, located on 
opposite sides of said firewall, and said firewaii may be adapted to allow IP-traffic 
to be transmitted from the inside thereof to the outside thereof, and communication 
between said IC-breakers using a Ping service, a response to said Ping service 
temporarily opening the firewall for the transmission of IP data packets to said 
protected network. 

The iC-breaker, located on the outside of said firewall, may be adapted to 
store IP data packets destined for the protected network; send Ping IP-packets to 
the other IC-breaker through the firewall; await receipt of a returned Ping IP-packet 
from said other IC-breaker, said IP- packet opening the firewall for a limited period 
of time; and send said stored IP data packet through the open firewall to said other 
IC-breaker. 

The IC-breaker, located on the protected network side of the firewall may be 
adapted to identify the size of a Ping IP-packet received from a sender located 
outside the firewall, said size being indicative of the type of packet which has been 
received and the port via which it was received; return the Ping IP-packet to the 
sender, which opens the firewall for a limited period of time; await receipt, from the 
sender, of an IP data packet for the protected network, during said limited period of 



wo 00/16530 



PCT/SE99/01561 



-7- 

time said firewall is open; and send the received IP data packet to the protected 
network. 

A first one of said IC-breakers may be located on the outside of the firewall 
and a second one of said IC-breaker is located on the protected network side of the 
firewall, said first IC-breaker may be adapted to receive and store IP data packets 
destined for the protected network, said IC-breakers may be adapted, on receipt, by 
said first IC-breaker, of a IP data packet for the protected network, to communicate 
with each other, through the firewall, using Ping (ICMP)-packets, a Ping-packet 
returned by said second IC-breaker to said first IC-breaker temporarily opening the 
firewall for this type of traffic, said first IC-breaker may be adapted, on receipt of the 
returned Ping-packet, to send the IP data packet through the opened firewall to the 
second IC-breaker, and said second IC-breaker may be adapted, on receipt of said 
IP data packet, to send the received packet to the protected network. 

According to a fifth aspect of the present invention, there is provided, an tC- 
breaker adapted for use with apparatus as outlined in preceding paragraphs, 
characterised in that said !C breaker includes means for transmitting PING packets 
to an IC breaker located behind a firewall, means for storing a received IP packet, 
means for detecting receipt of an IP packet from within said firewall, and means, 
operative in response to receipt of an IP packet from within said firewall, to transmit 
IP stored packets. 

According to a sixth aspect of the present invention, there is provided, an IC- 
breaker adapted for use with apparatus as outlined in preceding paragraphs, 
characterised in that said IC-breaker includes means for identifying a received PING 
packet and determining an associated IP packet type therefrom, means for 
transmitting an IP packet of the type associated with the received IP packet through 
the firewall, means for receiving an IP packet transmitted through said firewall, and 
means for distributing said IP packet to a predetermined address. 
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According to a seventh aspect of the present invention, there is provided, a 
transmission system, adapted for the transmission of iP data packets, said system 
including an IP-network and a network protected by a firewall, characterised in that 
said system includes an apparatus as outlined in preceding paragraphs. 

According to an eighth aspect of the present invention, there is provided, a 
communications system including a transmission system, as outlined in preceding 
paragraphs, or operating in accordance with a method, as outlined in preceding 
paragraphs. 

The foregoing and other features of the present invention will be better 
understood from the following description with reference to the single figure of the 
accompanying drawings which diagrammaticaliy illustrates a transmission system 
according to the present invention. 

The single figure of the accompanying drawings diagrammaticaliy illustrates 
an example of how a SNMP (Switching Network Management Protocol )-TRAP can 
be distributed to a remote system which is inside a firewall. TRAP is an SNMP 
operation, in practice, the IP-plane control entity, on recognizing an IP data flow, 
may be adapted to generate a SNMP-TRAP with information about the recognized 
IP data flow and its attributes. An SNMP-TRAP may be used to issue an 
unconfirmed notification to downstream/upstream nodes of an ATM carrier network 
and SNMP SET/RESPONSE may be used when confirmation is sought by the 
transmission system. 

As is diagrammaticaliy illustrated in the single figure of the accompanying 
drawings, a firewall, which is interposed between an IP-Network and a firewall 
protected network, for example, a Local Area Network (LAN), is adapted to normally 
block incoming traffic, from an Equipment connected to the IP-Network, to a Remote 
System connected to a firewall protected network. The iP-Network includes an IC- 
breaker 1, which is adapted to receive and store an IP data packet from the IP- 
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Network Equipment and to communicate, in a manner to be subsequently outlined, 
with an IC-breaker 2. The iC-breaker 2 is adapted to send IP data packets, 
received from IC-breaker 1 , to the Remote System connected to the LAN. 

The problem with a firewall and other equipment is that it can be very difficult 
to remotely control systems which are Inside the firewall, i.e. the Remote System. 
An IC-breaker which is adapted to temporarily open the firewall for a special type of 
traffic, is a functionality that can be either included in an application, or in a separate 
entity. The transmission system of the present invention includes two IC-breakers, 
one of which is inside the firewall and the other one of which is outside the firewall. 

As is diagrammaticaliy illustrated in the single figure of the accompanying 
drawings, the distribution of traffic from an equipment outside the firewall to a 
network user inside the firewall is effected through use of IC-breaker 1 in association 
with IC-breaker 2. In particular, an IP data packet required to be transmitted from 
the iP-Network Equipment to the Remote System, is sent by the IP-Network 
Equipment to the iC-breaker 1 . The received IP data packet is stored in the IC- 
breaker 1 . The stored IP data packet is then sent by IC-breaker 1 to IC-breaker 2, 
which is situated inside the firewall, in a manner according to the present invention. 
On receipt of the IP data packet, IC-breaker 2 sends it to the Remote System. 

The IC-breakers have a structure and functionality based on the following 
properties of the firewall: 

a 'PING' (Internet Control Message Protocol (ICMP)) packets can always be 
sent through a firewall; 

IP- traffic can always be transmitted from the inside of a firewall to the outside 
of the firewall; and 

if IP-traffic is sent from the inside of a firewall to the outside of the firewall. 
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simiiar IP-traffic can be transmitted to the network protected by the firewall 
during a limited period of time. 

As stated above, the Ping service which, in Windows, can be run on DOS, 
enables a network equipment to sends messages, in the form of data packets, to a 
computer with which contact is required. If the computer is connected to the 
network, the computer, on receipt of a Ping packet, sends it back to the network 
equipment. If the data packet is not returned, the network equipment will know that 
the computer is not connected to the network. 

A method, according to the present invention, for the distribution of a SNMP- 
TRAP to a network inside a firewall, i.e. the Remote System of the LAN, will now be 
described with reference to the single figure of the accompanying drawings. The 
steps of this method, which are illustrated in the single figure of the drawings by the 
lines numbered 1 to 5, are as follows: 

the IP-Network Equipment sends an IP data packet to IC-breaker 1 , as shown 
by line 1 , the data packet being stored in IC-breaker 1 ; 

on receipt and storage of the IP data packet, IC-breaker 1 sends a series of 
Ping (ICMP) packets (messages) to IC-breaker 2 (see line 2) - Ping (ICMP) 
packets can always be sent through a firewall; 

on receipt of the Ping (ICMP) packets, iC-breaker 2 sends an iP data packet 
back to IC-breaker 2 (see line 3), which opens the firewall temporarily for this 
kind of traffic - IP-traffic can always be transmitted from the inside of a firewall 
to the outside of the firewall; 

IC-breaker 1 sends the IP data packet, for the Remote System of the LAN, 
through the opened firewall to IC-breaker 2 (see line 4); and 
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on receipt of the IP data packet, IC-breaker 2 sends the IP data packets to 
the Remote System of the LAN, as shown by line 5, 

It will be seen from the foregoing description that, in accordance with the 
present invention an arrangement and method is provided for gaining access to a 
firewai! protected network, i.e. the Remote System of the LAN, and that means are 
provided for temporarily opening the firewall to enable IP data packets to be 
transmitted therethrough to the protected network. 

In particular, the means for temporarily opening the firewall include two IC- 
breakers, IC-breaker 1 and IC-breaker 2, located on opposite sides of said firewall, 
that the functional arrangements for the firewall is such that it allows IP-traffic to be 
transmitted from the inside thereof to the outside thereof, and communication to be 
effected between the two IC-breakers using a Ping service, and that a response to 
the Ping service temporarily opens the firewall for the transmission of IP data 
packets to the protected network. The IC-breaker functions are shown in the 
following table: 



Arriving IP data packet 


Arriving Ping-packets 


Send a number of Ping-packets to an 
IC-breaker inside the firewall; the 
packet size being indicative of the 
type of packet which has been 
received and the port via which it was 
received. 


Identify the packet size of the Ping- 
packets which indicates the type of IP- 
packets, associated with the Ping- 
packets, and a particular port via 
which it was received. 
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Await receipt of an IP-packet from an 
iC-breaker which pings, i.e. responds 
to the Ping-packets. The received IP- 
packet causing the firewall for a short 
period of time and thereby allow an IP 
data packet to pass through the 
firewall, from the outside to the inside. 


Send to the IC-breaker, outside the 
firewall, a packet of the type which 
has been identified. This will cause 
the firewall to open for a short period_ 
of time. 


Send the original IP data packet 
through the opened firewall to the IC- 
breaker inside the firewall for onward 
transmission to the intended recipient 
at a predetermined address. 


Await receipt of an IP data packet 
from the IC-breaker outside the 
firewall and, on receipt, send the IP 
data packet to a predetermined 
address, for example, a remote 
computer system. 



It will also be seen from the foregoing description that the present invention 
provides a transmission system, for example, an ATM transmission system, which 
is adapted for the transmission of !P data packets, and which includes an IP- 
network, a network protected by a firewall, and means for gaining access to a 
firewall protected network. 
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CLAIMS 

1. A transmission system, adapted for the transmission of IP data packets, 
said system including an IP-network (IP-NET) and a network (LAN) protected by a 
firewall, said firewall being adapted to block incoming traffic to the protected 
network, and devices (IC-BREAKER 1 and IC-BREAKER 2) to open the firewall 
to enable IP data packets to be transferred through the firewall to the protected 
network, characterised in, that said devices to open the firewall include a first IC- 
breaker (IC-BREAKER 1) located on the IP-network side of the firewall and a 
second IC-breaker (IC-BREAKER 2) located on the protected network side of the 
firewall, that said firewall is transparent to a particular type of IP packets to enable 
communication between said IC-breakers through the firewall using said 
particular IP packets, and that said first IC-breaker is adapted to from the IP 
network equipment receive IP data packets, intended for the protected network 
(LAN), and that said first IC-breaker is adapted to, on receipt of such a particular 
IP data packet for the protected network, send said particular IP packet to said 
second IC-breaker, and besides an IP packet of said particular type, returned by 
said second IC-breaker to said first IC-breaker, occasionally opens the firewall, at 
which said first IC-breaker is adapted to, on receipt of a returned IP packet of said 
particular type, send said received IP data packet through the open firewall to the 
second IC-breaker, and that said second IC-breaker is adapted, on receipt of said 
IP data packet, to send the received IP data packet to the protected network, 

2. A transmission system, as claimed in claim 1 , characterised in that said 
particular type of IP-packet is a Ping (ICMP)-packet. 

3. A transmission system, as claimed in claim 1 or claim 2, characterised in 
that said firewall is adapted to be transparent to IP-communication through the 
firewall from the inside to the outside thereof, and, for a limited period of time, 
open to IP-communication through the firewall from the outside to the inside 
thereof. 

4. A transmission system, as claimed in any preceding claim, characterised 
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in that said first IC-breaker (IC-BREAKER 1) is adapted, on receipt of an iP data 
packet, to store said IP data packet and send said stored IP data packet tiirougli 
the open firewall to the second IC-breaker (IC-BREAKER 2), when the firewall 
has been the opened. 

5. A transmission system, as claimed in any preceding claim, characterised 
in that said second IC-breaker (IC-BREAKER 2) is adapted to identify the size of 
a Ping IP-packet received from a sender in the form of a IC-breaker said size 
being indicative of the type of packet, which has been received and the port via 
which it was received. 

6. A transmission system, as claimed in any preceding claim, characterised 
in that said protected network is a Local Area Network (LAN). 

7. A transmission system, as claimed in any preceding claim, characterised 
in that said system is an Asynchronous Transfer Mode (ATM) transmission 
system, adapted for the transmission of IP data packets, using ATM as a carrier 
network. 

8. In a transmission system, adapted for the transmission of IP data packets, 
said system including an IP-Network (IP-NET) and a network (LAN) protected by 
a firewall, a method for the transmission of IP data packets to the protected 
network, said firewall being opened for a limited period of time and IP data 
packets are transmitted through the opened firewall to the protected network 
(LAN) characterised by a first IC-breaker (IC-BREAKER 1) being located on the 
outside of the firewall and a second IC-breaker (IC-BREAKER 2) being located on 
the inside of the firewall, and by 

IP data packets being received and stored by said first IC-breaker; 

on receipt of said IP data packets a particular type of IP-packets are 

transmitted by said first IC-Breaker to said second IC-breaker through the 

firewall; 

awaiting receipt of said particular type of IP-packet from said second IC- 
breaker, said IP-packet opening the firewall for a short period of time; and 
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sending said stored IP data packet through the open firewall to said 
second IC-breaker. 

9. A method, as claimed in claim 8, characterised by said particular type of 
IP-packet being a Ping (ICMP)-packet. 

10. A method, as claimed in claim 9, characterised by: 

the size of a Ping IP-packet received from said first IC-breaker (IC-Breaker 
1), being identified by said second IC-breaker (IC-Breaker 2), said size 
being indicative of the type of packets which have been received and the 
port via which it was received; 

ping IP-packet being returned to said first IC-breaker (IC-Breaker 1) by 
said second IC-breaker (IC-Breaker 2), thereby opening the firewall for a 
limited period of time; 

said second IC-breaker (!C-Breaker 2) awaiting receipt, from said first IC- 
breaker, of said IP data packet for the protected network, during said 
limited period of time said firewall is open; and 

said second IC-breaker (IC-Breaker 2) sending the received IP data packet 
to the protected network. 

11. A method, as claimed in any of claims 8 to 10, characterised in that said 
protected network Is a Local Area Network (LAN). 

12. A method, as claimed in any of claims 8 to 11, characterised in that said 
system is an Asynchronous Transfer Mode (ATM) transmission system, adapted 
for the transmission of IP data packets, using ATM as a carrier network. 

13. Apparatus for providing access to a firewall protected network, including 
means for temporarily opening the firewall to enable IP data packets to be 
transmitted through the firewall to said protected network (LAN) characterised in 
that said means for temporarily opening the firewall include two IC-breakers, (IC- 
breaker 1 and IC-breaker 2) located on opposite sides of said firewall, and in that 
said firewall is adapted to allow IP-traffic from one side thereof the other side and 
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communication between said IC-breakers using a Ping service, a response to 
said Ping service temporarily opening the firewall for the transmission of IP data 
packets to said protected network (LAN). 

14. Apparatus as claimed in claim 13, characterised In that the iC-breaker, 
located on the outside of said firewall, is adapted to: 

store IP data packets destined for the protected network (LAN); 
send Ping IP-packets to the other IC-breaker through the firewall; 
await receipt of a returned Ping IP-packet from said other IC-breaker, said 
returned IP-packet opening the firewall for a limited period of time; and 
send said stored IP data packets through the open firewall to said other IC- 
breaker. 

15. Apparatus, as claimed in either claim 13, or claim 14, characterised in 
that the IC-breaker (IC-BREAKER 2), located on the protected network side of the 
firewall is adapted to: 

identify the size of a Ping IP-packet, received from a sender in the fomn of 
a IC-breaker, located outside the firewall, said size being indicative of the 
type of packet which has been received and the port via which it was 
received; 

return the Ping IP-packet to the sender, which opens the firewall for a 
limited period of time; 

await receipt, from the sender, of said IP data packet for the protected 
network during said limited period of time said firewall is open; and 
send the received IP data packets to the protected network. 

16. Apparatus, as claimed in claim 13, characterised in that the first one of 
said IC-breakers (iC-BREAKER 1) is located on the outside of the firewall and 
that the second one of said IC-breakers (IC-BREAKER 2) is located on the 
protected network side (LAN) of the firewall, in that said first IC-breaker is 
adapted to receive and store IP data packets destined for the protected network, 
in that said IC-breakers are adapted, on receipt, by said first IC-breaker, of a IP 
data packet for the protected network, to communicate with each other, through 
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the firewall, using Ping (ICMP)-packets, a Ping-packet returned by said second 
IC-breaker to said first IC-breaker temporarily opening the firewall for this type of 
traffic, in that said first IC-breaker (IC-BREAKER 1) is adapted, on receipt of the 
returned Ping-packet, to send IP data packets through the opened firewall to the 
second IC-breaker (IC-BREAKER 2), and in that said second IC-breaker is 
adapted, on receipt of said IP data packet, to send the received packets to the 
protected network. 



17. An IC-breaker adapted for use with apparatus as claimed in any of claims 
13 to 16, characterised in that said IC-breaker includes means for transmitting 
PING packets to an IC-breaker, located behind a firewall, means for storing a 
received IP packets, means for detecting receipt of said IP packets from within 
said firewall, and means, operative in response to receipt of IP packets to 
transmit stored IP packets. 



18. An IC-breaker adapted for use with apparatus as claimed in any of claims 
13 to 16, characterised in that said IC-breaker includes means for identifying a 
received PING packet and determining an associated IP packet type therefrom, 
means for transmitting an IP packets of said associated IP packet type through 
the firewall, means for receiving an IP packet transmitted through said firewall, 
and means for distributing said IP packet to a predetermined address. 

19. A transmission system, adapted for the transmission of IP data packets, 
said system including an IP-network (LAN) protected by a firewall, characterised 
in that said system includes an apparatus as claimed in any of claims 13 to 16. 

20. A communications system including a transmission system as claimed in 
any of claims 1 to 7 or claim 1 9, or operating in accordance with a method as 
claimed in any of claims 8 to 12. 
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WE (£) the undersigned inventor (s), hereby declare(s) that: 

My residence, post office address and citizenship are as stated below next to my name, 

We (I) believe that we are (I am) the original, first, and joint (sole) inventor(s) of the subject matter which is 
claimed and for which a patent is sought on the invention entitled 

A TRZ^SMI SSION SYSTEM, A METHOD AND Ml APPARATUS PROVIDING ACCESS FOR IP DATA 
PACKETS TO A FIREWALL PROTECTED NETWORK (AS AMENDED) 



the specification of which 

□ is attached hereto. 

□ was filed on as 

Application Serial No. 

and amended on 

B was filed as PCT international application 

Number Pm^/gT^QQ/nl Rfil . 

»n September 08. 1999 

and was amended under PCT Article 19 

on (if applicable). 



We (1) hereby state that we (1) have reviewed and understand the contents of the above-identified 
specification, including the claims, as amended by any amendment referred to above. 

We (I) acknowledge the duty to disclose information known to be material to the patentability of this 
application as defined in Section 1.56 of Title 37 Code of Federal Regulations. 

We (T) hereby claim foreign priority benefits under 35 U.S.C. § 119(a)-(c^ or § 365(b) of any foreign 
application(s) for patent or inventor's certificate, or § 365(a) of any PCT International application which 
designated at least one country other than the United States, listed below and have also identified below, by 
checking the box, any foreign application for patent or inventor's certificate, or PCT International application 
having a filing date before that of the application on which priority is claimed. Prior Foreign Application(s) 
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Declaration 



We 0) hereby claim the benefit under Title 35, United States Code, § 119(e) of any United States provisional 
appHcalion(s) hsted below. 

(AppUcation Number) (Filing Date) 

(Application Number) (Filing Date) 

We (I) hereby claim the benefit under 35 U.S.C. § 120 of any United States application(s), or under § 365(c) 
of any PCT International application designating the United States, listed below and, insofar as the subject matter of 
each of the claims of this appUcation is not disclosed in the prior United States or PCT International in the manner 
provided by the first paragraph of 35 U.S.C. § 112, 1 acknowledge the duty to disclose information which is material 
to patentability as defined in 37 CFR § 1.56 which became available between the fiUng date of the prior appUcation 
and the national or PCT International filing date of this application. 

Application Serial No. Filing Date Status (pending, patented, 

abandoned) 

PCT/SE99/01561 08 September 1999 



And we (I) hereby appoint the following registered practitioner(s): 

■llllllllli 
022860 

as our (my) attorneys, with full powers of substitution and revocation, to prosecute this application and to transact all 
business in the Patent Office connected therewith; and we (I) hereby request that all correspondence regarding this 
appUcation be sent to 

llliilililii 
022860 



We (I) declare that aU statements made herein of our (my) own knowledge are true and that all statements made on 
information and belief are believed to be true; and further that these statements were made with the knowledge that 
willful false statements and the like so made are punishable by fine or imprisonment, or both, tmder Section 1001 of 
Title 18 of the United States Code and that such willful false statements may jeopardize the validity of the appUcation 
or any patent issuing thereon. 
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